Resources

  • Adobe CQ Pentesting Guide – Part 1 – resources.infosecinstitute.com
    This post deals with the step-by-step security testing guidelines for Adobe CQ installation. Adobe CQ is Adobe’s new Web Experience Management software portfolio which provides easy-to-use web apps for creating, managing and delivering online experiences to its users.
  • SkyDogCon 2013 Videos – www.irongeek.com
    Here are the videos from SkyDogCon 2013 (The south’s premier hacker/maker conference).
  • Creating a iOS7 Application Pentesting Environment – carnal0wnage.attackresearch.com
    This is just the basics. Once you get all of these utilities and tools installed you’re pretty much waiting on substrate to be working for iOS 7.

Tools

  • Creepy v1.0 – Codename “diskbråck” – github.com
    Long-awaited and long-overdue creepy v1.0 is finally here. Creepy is a geolocation OSINT tool. Gathers geolocation related information from online sources, and allows for presentation on map, search filtering based on exact location and/or date, export in csv format or kml for further analysis in Google Maps.
  • Kacak v0.1 released – github.com
    Kacak is a tool that can enumerate users specified in the configuration file for windows based networks. It uses metasploit smb_enumusers_domain module in order to achieve this via msfrpcd service.
  • shodan-python – github.com
    The official Shodan-Python API Documentation code is hosted on GitHub.

Techniques

  • geohot presents an evasi0n7 writeup – geohot.com
    This writeup takes place from the perspective of evasi0n7 by geohot(@tomcr00se). Note that this writeup doesn’t help Apple, he got this by reversing the public evasi0n binary, which they can, and do.
  • Getting Started with WinDBG – Part 2 – blog.opensecurityresearch.com
    This is a multipart series walking you through using WinDBG – OpenSecurity Research have gotten you off the ground with their last blog post, and now they’ll focus on it’s core functionality so that you can start debugging programs!
  • 12 Days of HaXmas: Apple Safari Makes Password Stealing Fun and Easy? Yes, Please! – community.rapid7.com
    This post is the second in a series, 12 Days of HaXmas, where Wei Chen take a look at some of more notable advancements in the Metasploit Framework over the course of 2013.
  • Using Burp Suite to Test Web Services with WS-Security – fishnetsecurity.com
    During a recent engagement 6Labs team ran into a web service endpoint that was using WS-Security for authentication, specifically it was using the “Username Token” profile. In order to make a successful request to the web service, you need to provide the following items.
  • Decrypting IOS Apps – www.infointox.net
    Devin Ertel is going to walk through the steps it takes to decrypt an iOS app. This post doesn’t talk about the reversing process once you get the app to IDA but what you need to do to start reversing an app in IDA and what you need to do to get the reversed app running on the phone again.
  • A chain is only as strong as its weakest link – DNS Hijack Monitoring – www.corelan.be
    It doesn’t really matter how much time your developers have spent writing secure code and how many layers of security you have implemented to protect your website from being hacked and defaced. Recent incidents have demonstrated that the bad guys will simply look for and find an easier way to hurt your business.

Vulnerabilities

Other News